Bug 1965612 Comment 33 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to Microsoft PKI Services from comment #29)
> Created attachment 9494215 [details]
> Bug1965612_Microsoft PKI Service_Revocation Plan.csv
> 
> Revocation Plan CSV

There is a rather concerning line in this plan that requires far more information:
>*Note: There is a company wide change advisory that may impact our ability to revoke this week. We will provide further details once we have that clarity.

This is regarding a revocation period of 2025-10-27 to 2025-11-02.

**Q1:** Are we to interpret that as Microsoft PKI not being able to handle revocation for a week due to an org-wide freeze? More details would be appreciated, even if absolute clarity is not available yet.
**Q2:** Has this happened before?
**Q3:** If this has happened before, where was the inability to handle revocation disclosed in any of your prior audits?
**Q4:** Given this is the 3rd-last 'revocation week', what exactly is stopping an increase in revocations up to this date to make it irrelevant?

The action items note:
>Standup cross-signed warm standby CAs. We are currently in planning stages. We will have the plan ready before 06/14/2025

**Q5:** Is this plan now ready, and can we see it?

The current plan is showing 15 million certificates will be eventually revoked by November, while 56 million will be left to expire.
**Q6:** Can Microsoft PKI give examples of any prior incident where this was occurred, nevermind was considered acceptable practice?
**Q7:** Will Microsoft PKI be advising the Microsoft Root Store that this is to be considered the high standard to be held against all other CAs they govern?
**Q8:** Can Microsoft PKI explain why other Root Programs should take this plan in good faith, in spite of CRL evidence to the contrary and no change in plans appearing to date?

(In reply to Microsoft PKI Services from comment #29)
> Created attachment 9494215 [details]
> Bug1965612_Microsoft PKI Service_Revocation Plan.csv
> 
> Revocation Plan CSV

There is a rather concerning line in this plan that requires far more information:
>*Note: There is a company wide change advisory that may impact our ability to revoke this week. We will provide further details once we have that clarity.

This is regarding a revocation period of 2025-10-27 to 2025-11-02.

**Q1:** Are we to interpret that as Microsoft PKI not being able to handle revocation for a week due to an org-wide freeze? More details would be appreciated, even if absolute clarity is not available yet.
**Q2:** Has this happened before?
**Q3:** If this has happened before, where was the inability to handle revocation disclosed in any of your prior audits?
**Q4:** Given this is the 3rd-last 'revocation week', what exactly is stopping an increase in revocations up to this date to make it irrelevant?

The action items note:
>Standup cross-signed warm standby CAs. We are currently in planning stages. We will have the plan ready before 06/14/2025

**Q5:** Is this plan now ready, and can we see it?

The current plan is showing 15 million certificates will be eventually revoked by November, while 56 million will be left to expire.
**Q6:** Can Microsoft PKI give examples of any prior incident where this has occurred, nevermind was considered acceptable practice?
**Q7:** Will Microsoft PKI be advising the Microsoft Root Store that this is to be considered the high standard to be held against all other CAs they govern?
**Q8:** Can Microsoft PKI explain why other Root Programs should take this plan in good faith, in spite of CRL evidence to the contrary and no change in plans appearing to date?
